OPTIGA™ Trust M V1 Software Framework
Quick navigation
Security Chip
Description
This repository contains a target-agnostic Software Framework for the OPTIGA™ Trust M security chip. It is a base for other application notes.
Key Features and Benefits
- High-end security controller
- Common Criteria Certified EAL6+ (high) hardware
- Turnkey solution
- Up to 10kB user memory
- PG-USON-10 package (3 x 3 mm)
- Temperature range (−40°C to +105°C)
- I2C interface with Shielded Connection (encrypted communication)
- Cryptographic support: ECC NIST P256/P384, SHA-256, TRNG, DRNG, RSA® 1024/2048
- OPTIGA™ Trust M Software Framework on Github
- Crypto ToolBox commands with ECC NIST P256/P384, SHA-256 (sign, verify, key generation, ECDH(E), key derivation), RSA® 1024/2048 (sign, verify, key generation, encrypt and decrypt)
- Device Security Monitor
- Hibernate for zero power consumption
- Lifetime for Industrial Automation and Infrastructure is 20 years and 15 years for other Application Profiles
Get Started
OPTIGA™ Trust M evaluation kit
XCM1400 XTREME Connectivity Kit
The OPTIGA™ Trust M evaluation kit and XCM1400 XTREME Connectivity Kit are a starting point for a lot of application notes mentioned below.
Examples
- Get started guide
- Off-Chip TLS example (mbedTLS)
- AWS FreeRTOS example
- Zephyr OS driver
- Secure Firmware Update and Secure Boot (link is pending)
- Arduino library
- Personalize OPTIGA™ Trust
- OpenSSL Engine and Command Line Interface (for RPi3)
- Python package
- I2C Utilities
Software Framework overview
- See Trust M rev.1 Crypt API and Trust M rev. 1 Util API to know more about CRYPT and UTIL modules
- Information about the OPTIGA™ Trust M rev. 1 Command Library (CMD) can be found in the Solution Reference Manual In the same document you can find explanation of all Object IDs (OIDs) available for users as well as detailed technical explanation for all features and envisioned use cases.
- Infineon I2C Protocol implementation details can be found here
- Platform Abstraction Layer (PAL) overview and Porting Guide are presented in the Wiki
For more information please refer to the Wiki page of this project
Evaluation and developement kits
External links, open in the same tab.
-
OPTIGA™ Trust M Shield2Go Notes to the S2Go Security OPTIGA M:
- Supply voltage VCC is max. 5.5 V, please refer to the OPTIGA™ Trust M datasheet for more details about maximum ratings
- Ensure that no voltage applied to any of the pins exceeds the absolute maximum rating of VCC + 0.3 V
- Pin out on top (head) is directly connected to the pins of the OPTIGA™ Trust M
- If head is broken off, only one capacitor is connected to the OPTIGA™ Trust M
-
[XMC1400 OPTIGA™ Trust M Connectivity Kit](link is pending)
-
[OPTIGA™ Trust M Feather Wing™](link is pending)
Documentation
Usefull articles
-
In which form does OPTIGA return keys and signatures? (Wiki)
-
User API
-
Hardware-Security: "Einfach (und) Sicher" (external link, opens in the same tab) in German, Slides in English
Datasheet and Co.
For high level description and some important excerpts from the documentation please refer to Wiki page
Other downloadable PDF documents can be found below:
- OPTIGA™ Trust M rev.1 Datasheet v1.72 (PDF)
- OPTIGA™ Trust M rev.1 Solution Reference Manual v1.13 (PDF)
- OPTIGA™ Trust M rev.1 Keys and Certificates v1.50 (PDF)
- Infineon I2C protocol specification v2.02 (PDF)
- XMC1400_XTREME_Connectivity_Kit_Users_Guide v1.10 (PDF)
Board assembly recommendations
If you are planning to integrate OPTIGA™ Trust M in your PCB design have a look at the recommendations found here (external, opens in the same tab).
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
License
This project is licensed under the MIT License - see the LICENSE file for details
Disclaimer
Be aware that this software comes without any security claims and shall be used for evaluation purpose.